From 0ad90d81d616b3be33b184cf4e90201f1509d589 Mon Sep 17 00:00:00 2001
From: xavier
Date: Thu, 30 Apr 2026 17:03:38 +0200
Subject: [PATCH] Adding --ssh-public-keys parameter to secure initial deployment.
---
 nixos-infra/scripts/create-lxc-nixos.sh | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/nixos-infra/scripts/create-lxc-nixos.sh b/nixos-infra/scripts/create-lxc-nixos.sh
index 813696b..2dcd517 100644
--- a/nixos-infra/scripts/create-lxc-nixos.sh
+++ b/nixos-infra/scripts/create-lxc-nixos.sh
@@ -30,6 +30,7 @@ Options:
 -i, --ip IP Static IP (e.g. 192.168.1.100/24).
 -C, --cmode CMODE Console mode (console or tty). Default: console.
 -T, --tags TAGS Tags for the container (optional).
+ -k, --ssh-public-keys KEYS SSH public keys for the container.
 --pve-host HOST Proxmox host (e.g. pve).
 --pve-user USER Proxmox user (default: admin).
 --pve-port PORT SSH port for Proxmox (default: 22).
@@ -61,6 +62,7 @@ UNPRIVILEGED="${UNPRIVILEGED:-0}"
 IP="${IP:-}"
 CMODE="${CMODE:-console}"
 TAGS="${TAGS:-}"
+SSH_PUBLIC_KEYS="${SSH_PUBLIC_KEYS:-}"
 # --- Parse Arguments with docopts (Lowest Priority) ---
 args=$(docopts -h "$usage" : "$@")
@@ -104,8 +106,8 @@ fi
 if [ -z "$TEMPLATE" ] || [ -z "$ROOTFS_SIZE" ] || [ -z "$CORES" ] || \
 [ -z "$MEMORY" ] || [ -z "$SWAP" ] || [ -z "$PASSWORD" ] || \
 [ -z "$BRIDGE" ] || [ -z "$DOMAIN" ] || [ -z "$UNPRIVILEGED" ] || \
- [ -z "$CMODE" ] || [ -z "$PVE_HOST" ] || [ -z "$PVE_USER" ] || \
- [ -z "$PVE_PORT" ]; then
+ [ -z "$CMODE" ] || [ -z "$SSH_PUBLIC_KEYS" ] || \
+ [ -z "$PVE_HOST" ] || [ -z "$PVE_USER" ] || [ -z "$PVE_PORT" ]; then
 echo "❌ Error: One or more critical parameters are missing." >&2
 exit 1
 fi
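Review bot: The added usage line `-k, --ssh-public-keys KEYS` says neither that the option is mandatory nor what form KEYS takes, although the check changed in the hunk at -104 rejects an empty value. `pct create` documents `--ssh-public-keys` as a file path holding one OpenSSH key per line, so if the value is forwarded unchanged the help text should say so, for example `-k, --ssh-public-keys FILE  File of OpenSSH public keys, one per line (required).` If the script is meant to accept key text instead, that should be stated here, because the two need different handling when the command is built.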
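Review bot: Nothing in this patch copies the parsed `--ssh-public-keys` value into `SSH_PUBLIC_KEYS`; the hunk at -61 only adds the environment default, and the lines between the `docopts` call and the validation near line 106 are untouched. If the other options are assigned explicitly in that region, which is outside the hunk, `-k` would be accepted by docopts and then ignored, leaving the environment variable as the only working input. Please confirm, and if so add the matching assignment next to the existing ones.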
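Review bot: Adding `[ -z "$SSH_PUBLIC_KEYS" ]` to the shared condition in the hunk at -104 makes every existing invocation without a key fail with the generic "One or more critical parameters are missing" message, which does not name the missing option. A separate guard ahead of this block would be clearer: `[ -n "$SSH_PUBLIC_KEYS" ] || { echo "❌ Error: --ssh-public-keys (or SSH_PUBLIC_KEYS) is required." >&2; exit 1; }`. `PASSWORD` remains required in the same condition, so a root password is still set alongside the key. If key-only initial access is the goal, that needs a follow-up change.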
@@ -147,7 +149,7 @@ echo "🚀 Creating LXC container $SHORT_NAME on $PVE_HOST..."
 CREATE_CMD="pct create $ROOTFS_SIZE $TEMPLATE --cores $CORES \
 --memory $MEMORY --swap $SWAP --hostname $SHORT_NAME.$DOMAIN \
 --password $PASSWORD --unprivileged $UNPRIVILEGED --net0 $NET_OPTS \
---onboot 1 --cmode $CMODE"
+--onboot 1 --cmode $CMODE --ssh-public-keys $SSH_PUBLIC_KEYS"
 if [ -n "$TAGS" ]; then
 CREATE_CMD="$CREATE_CMD --tags $TAGS"
 fi
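Review bot: `$SSH_PUBLIC_KEYS` is spliced unquoted into the `CREATE_CMD` string on the added line, so a value containing spaces (an OpenSSH key line is `type base64 comment`) is split into several arguments, and any shell metacharacter in it is interpreted once the string is handed to a shell. How `CREATE_CMD` is executed is outside the hunk, but the `--pve-host`/`--pve-port` options suggest it passes through a remote shell, which makes the escaping matter more. If the script runs under bash and the string goes to a shell, escape the value while building it: `--onboot 1 --cmode $CMODE --ssh-public-keys $(printf '%q' "$SSH_PUBLIC_KEYS")"`. The neighbouring `$PASSWORD` and `$TAGS` follow the same unquoted pattern and deserve the same treatment.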